author | Jakub Jelinek <jakub@redhat.com> | 2007-07-31 13:33:18 +0000 |
---|---|---|
committer | Jakub Jelinek <jakub@redhat.com> | 2007-07-31 13:33:18 +0000 |
commit | 32c075e1f01849e161724bbd400ba77244e482cc (patch) | |
tree | 5f083a3f352104f32bb6c902d57fa3f294bd8d4d /nscd | |
parent | d6220e9ee38c1c9285221b023346201ec5f511b3 (diff) | |
.
Diffstat (limited to 'nscd')
-rw-r--r-- | nscd/Makefile | 2 | ||||
-rw-r--r-- | nscd/cache.c | 2 | ||||
-rw-r--r-- | nscd/gai.c | 5 | ||||
-rw-r--r-- | nscd/grpcache.c | 3 | ||||
-rw-r--r-- | nscd/nscd-client.h | 10 | ||||
-rw-r--r-- | nscd/nscd.c | 4 | ||||
-rw-r--r-- | nscd/nscd.init | 9 | ||||
-rw-r--r-- | nscd/nscd_getai.c | 71 | ||||
-rw-r--r-- | nscd/nscd_getgr_r.c | 108 | ||||
-rw-r--r-- | nscd/nscd_gethst_r.c | 147 | ||||
-rw-r--r-- | nscd/nscd_getpw_r.c | 70 | ||||
-rw-r--r-- | nscd/nscd_helper.c | 43 | ||||
-rw-r--r-- | nscd/nscd_initgroups.c | 62 | ||||
-rw-r--r-- | nscd/pwdcache.c | 3 | ||||
-rw-r--r-- | nscd/selinux.c | 18 | ||||
-rw-r--r-- | nscd/selinux.h | 4 |
16 files changed, 339 insertions, 222 deletions
diff --git a/nscd/Makefile b/nscd/Makefile index 21657abeb7..9c98018217 100644 --- a/nscd/Makefile +++ b/nscd/Makefile @@ -119,7 +119,9 @@ CFLAGS-initgrcache.c += $(nscd-cflags) CFLAGS-gai.c += $(nscd-cflags) ifeq (yesyes,$(have-fpie)$(build-shared)) +ifeq (yes,$(have-z-relro)) relro-LDFLAGS += -Wl,-z,now +endif $(objpfx)nscd: $(addprefix $(objpfx),$(nscd-modules:=.o)) $(LINK.o) -pie -Wl,-O1 $(nscd-cflags) \ diff --git a/nscd/cache.c b/nscd/cache.c index ef986f374a..be9be2aa4f 100644 --- a/nscd/cache.c +++ b/nscd/cache.c @@ -125,7 +125,7 @@ cache_add (int type, const void *key, size_t len, struct datahead *packet, dbg_log (_("add new entry \"%s\" of type %s for %s to cache%s"), str, serv2str[type], dbnames[table - dbs], - first ? _(" (first)") : ""); + first ? " (first)" : ""); } unsigned long int hash = __nis_hash (key, len) % table->head->module; diff --git a/nscd/gai.c b/nscd/gai.c index 2e706bdfe7..68719d876a 100644 --- a/nscd/gai.c +++ b/nscd/gai.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. +/* Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@cygnus.com>, 2004. @@ -15,6 +15,7 @@ along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ +#include <alloca.h> /* This file uses the getaddrinfo code but it compiles it without NSCD support. We just need a few symbol renames. */ #define __getservbyname_r getservbyname_r @@ -26,6 +27,8 @@ #define __sendto sendto #define __strchrnul strchrnul #define __getline getline +/* nscd uses 1MB or 2MB thread stacks. */ +#define __libc_use_alloca(size) (size <= __MAX_ALLOCA_CUTOFF) #include <getaddrinfo.c> diff --git a/nscd/grpcache.c b/nscd/grpcache.c index 5a8fba4759..c207492cc0 100644 --- a/nscd/grpcache.c +++ b/nscd/grpcache.c 
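Review bot: In nscd/gai.c the new `__libc_use_alloca(size)` macro uses its argument unparenthesized; it should read `#define __libc_use_alloca(size) ((size) <= __MAX_ALLOCA_CUTOFF)`. The comment above it gives the thread stack size but not the reasoning, so I would extend it to something like `/* nscd uses 1MB or 2MB thread stacks, so a fixed per-allocation cutoff is safe here. */`. A per-call cutoff does not bound the total if the included getaddrinfo.c calls alloca repeatedly; whether it does is not visible from this hunk.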
@@ -1,5 +1,5 @@ /* Cache handling for group lookup. - Copyright (C) 1998-2005, 2006 Free Software Foundation, Inc. + Copyright (C) 1998-2005, 2006, 2007 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998. @@ -279,6 +279,7 @@ cache_addgr (struct database_dyn *db, int fd, request_header *req, /* Adjust pointers into the memory block. */ gr_name = (char *) newp + (gr_name - (char *) dataset); cp = (char *) newp + (cp - (char *) dataset); + key_copy = (char *) newp + (key_copy - (char *) dataset); dataset = memcpy (newp, dataset, total + n); alloca_used = false; diff --git a/nscd/nscd-client.h b/nscd/nscd-client.h index 0fd2d9f547..8946b6315b 100644 --- a/nscd/nscd-client.h +++ b/nscd/nscd-client.h @@ -1,4 +1,4 @@ -/* Copyright (c) 1998, 1999, 2000, 2003, 2004, 2005, 2006 +/* Copyright (c) 1998, 1999, 2000, 2003, 2004, 2005, 2006, 2007 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998. @@ -307,10 +307,10 @@ static inline int __nscd_drop_map_ref (struct mapped_database *map, /* Search the mapped database. */ -extern const struct datahead *__nscd_cache_search (request_type type, - const char *key, - size_t keylen, - const struct mapped_database *mapped); +extern struct datahead *__nscd_cache_search (request_type type, + const char *key, + size_t keylen, + const struct mapped_database *mapped); /* Wrappers around read, readv and write that only read/write less than LEN bytes on error or EOF. */ diff --git a/nscd/nscd.c b/nscd/nscd.c index b68ae2f413..add4698406 100644 --- a/nscd/nscd.c +++ b/nscd/nscd.c @@ -1,4 +1,4 @@ -/* Copyright (c) 1998-2006, 2007 Free Software Foundation, Inc. +/* Copyright (c) 1998-2003, 2004, 2005, 2006 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk <kukuk@suse.de>, 1998. 
@@ -402,7 +402,7 @@ print_version (FILE *stream, struct argp_state *state) Copyright (C) %s Free Software Foundation, Inc.\n\ This is free software; see the source for copying conditions. There is NO\n\ warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\n\ -"), "2007"); +"), "2006"); fprintf (stream, gettext ("Written by %s.\n"), "Thorsten Kukuk and Ulrich Drepper"); } diff --git a/nscd/nscd.init b/nscd/nscd.init index a882da7d8b..a0074b99e5 100644 --- a/nscd/nscd.init +++ b/nscd/nscd.init @@ -49,8 +49,15 @@ prog=nscd start () { [ -d /var/run/nscd ] || mkdir /var/run/nscd [ -d /var/db/nscd ] || mkdir /var/db/nscd + secure="" +# for table in passwd group hosts +# do +# if egrep -q '^'$table':.*nisplus' /etc/nsswitch.conf; then +# /usr/lib/nscd_nischeck $table || secure="$secure -S $table,yes" +# fi +# done echo -n $"Starting $prog: " - daemon /usr/sbin/nscd + daemon /usr/sbin/nscd $secure RETVAL=$? echo [ $RETVAL -eq 0 ] && touch /var/lock/subsys/nscd diff --git a/nscd/nscd_getai.c b/nscd/nscd_getai.c index b59c31ea26..5df32dc6dc 100644 --- a/nscd/nscd_getai.c +++ b/nscd/nscd_getai.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. +/* Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@redhat.com>, 2004. @@ -42,6 +42,7 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop) { size_t keylen = strlen (key) + 1; int gc_cycle; + int nretries = 0; /* If the mapping is available, try to search there instead of communicating with the nscd. */ 
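Review bot: In nscd/nscd.init the new loop in `start ()` is committed entirely commented out, so `secure` is always empty and `daemon /usr/sbin/nscd $secure` behaves exactly as before. Either drop the block or say why it is disabled, e.g. `# NIS+ check disabled: <reason>; nscd is therefore never started with -S here`. If it is re-enabled, the pattern should quote the variable, `egrep -q "^$table:.*nisplus" /etc/nsswitch.conf`, and the intentional word-splitting of the unquoted `$secure` deserves a comment.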
@@ -50,49 +51,53 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop) &gc_cycle); retry:; - const ai_response_header *ai_resp = NULL; struct nscd_ai_result *resultbuf = NULL; const char *recend = (const char *) ~UINTMAX_C (0); char *respdata = NULL; int retval = -1; int sock = -1; + ai_response_header ai_resp; if (mapped != NO_MAPPING) { - const struct datahead *found = __nscd_cache_search (GETAI, key, keylen, - mapped); + struct datahead *found = __nscd_cache_search (GETAI, key, keylen, + mapped); if (found != NULL) { - ai_resp = &found->data[0].aidata; - respdata = (char *) (ai_resp + 1); + respdata = (char *) (&found->data[0].aidata + 1); + ai_resp = found->data[0].aidata; recend = (const char *) found->data + found->recsize; + /* Now check if we can trust ai_resp fields. If GC is + in progress, it can contain anything. */ + if (mapped->head->gc_cycle != gc_cycle) + { + retval = -2; + goto out; + } } } /* If we do not have the cache mapped, try to get the data over the socket. */ - ai_response_header ai_resp_mem; - if (ai_resp == NULL) + if (respdata == NULL) { - sock = __nscd_open_socket (key, keylen, GETAI, &ai_resp_mem, - sizeof (ai_resp_mem)); + sock = __nscd_open_socket (key, keylen, GETAI, &ai_resp, + sizeof (ai_resp)); if (sock == -1) { /* nscd not running or wrong version. */ __nss_not_use_nscd_hosts = 1; goto out; } - - ai_resp = &ai_resp_mem; } - if (ai_resp->found == 1) + if (ai_resp.found == 1) { - size_t datalen = ai_resp->naddrs + ai_resp->addrslen + ai_resp->canonlen; + size_t datalen = ai_resp.naddrs + ai_resp.addrslen + ai_resp.canonlen; - /* This check is really only affects the case where the data + /* This check really only affects the case where the data comes from the mapped cache. */ - if ((char *) (ai_resp + 1) + datalen > recend) + if (respdata + datalen > recend) { assert (sock == -1); goto out; 
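Review bot: In `__nscd_getai` nothing orders the struct copy `ai_resp = found->data[0].aidata;` against the following `mapped->head->gc_cycle != gc_cycle` test, so the compiler or a weakly ordered CPU may load `gc_cycle` before the copy's loads have completed and accept a header that GC was rewriting. The test only validates the copy if the copy is finished first; I would put `atomic_read_barrier ();` between the two statements, assuming nscd issues the matching write barrier around its GC-cycle updates, which this diff does not show. The same copy-then-check sequence is added in nscd_getgr_r.c, nscd_gethst_r.c and nscd_getpw_r.c. The function body starts and ends outside this hunk.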
@@ -108,10 +113,10 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop) } /* Set up the data structure, including pointers. */ - resultbuf->naddrs = ai_resp->naddrs; + resultbuf->naddrs = ai_resp.naddrs; resultbuf->addrs = (char *) (resultbuf + 1); - resultbuf->family = (uint8_t *) (resultbuf->addrs + ai_resp->addrslen); - if (ai_resp->canonlen != 0) + resultbuf->family = (uint8_t *) (resultbuf->addrs + ai_resp.addrslen); + if (ai_resp.canonlen != 0) resultbuf->canon = (char *) (resultbuf->family + resultbuf->naddrs); else resultbuf->canon = NULL; @@ -137,10 +142,13 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop) /* Try to detect corrupt databases. */ if (resultbuf->canon != NULL - && resultbuf->canon[ai_resp->canonlen - 1] != '\0') + && resultbuf->canon[ai_resp.canonlen - 1] != '\0') /* We cannot use the database. */ { - free (resultbuf); + if (mapped->head->gc_cycle != gc_cycle) + retval = -2; + else + free (resultbuf); goto out_close; } @@ -150,7 +158,7 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop) } else { - if (__builtin_expect (ai_resp->found == -1, 0)) + if (__builtin_expect (ai_resp.found == -1, 0)) { /* The daemon does not cache this database. */ __nss_not_use_nscd_hosts = 1; @@ -158,7 +166,7 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop) } /* Store the error number. */ - *h_errnop = ai_resp->error; + *h_errnop = ai_resp.error; /* The `errno' to some value != ERANGE. */ __set_errno (ENOENT); 
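Review bot: The corrupt-database branch of `__nscd_getai` (hunk at -137) reads `mapped->head->gc_cycle` unconditionally, but the branch appears to be shared with the socket path, where `mapped` can be `NO_MAPPING`; the `out:` block sets it to that value before `goto retry`. Guard the read as `if (mapped != NO_MAPPING && mapped->head->gc_cycle != gc_cycle)`. The same unguarded read is added in the corrupt-database checks of nscd_getgr_r.c and nscd_getpw_r.c (`retval = mapped->head->gc_cycle != gc_cycle ? -2 : -1;`) and of nscd_gethst_r.c. The other new GC checks in getgr and gethst are guarded with `gr_name != NULL` and `addr_list != NULL`.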
@@ -170,22 +178,25 @@ __nscd_getai (const char *key, struct nscd_ai_result **result, int *h_errnop) if (sock != -1) close_not_cancel_no_status (sock); out: - if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1) + if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0) { /* When we come here this means there has been a GC cycle while we were looking for the data. This means the data might have been inconsistent. Retry if possible. */ - if ((gc_cycle & 1) != 0) + if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1) { /* nscd is just running gc now. Disable using the mapping. */ - __nscd_unmap (mapped); + if (atomic_decrement_val (&mapped->counter) == 0) + __nscd_unmap (mapped); mapped = NO_MAPPING; } - *result = NULL; - free (resultbuf); - - goto retry; + if (retval != -1) + { + *result = NULL; + free (resultbuf); + goto retry; + } } return retval; diff --git a/nscd/nscd_getgr_r.c b/nscd/nscd_getgr_r.c index 922b906c19..fc036f2888 100644 --- a/nscd/nscd_getgr_r.c +++ b/nscd/nscd_getgr_r.c @@ -1,4 +1,5 @@ -/* Copyright (C) 1998-2000, 2002-2005, 2006 Free Software Foundation, Inc. +/* Copyright (C) 1998-2000, 2002-2005, 2006, 2007 + Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk <kukuk@uni-paderborn.de>, 1998. @@ -88,6 +89,7 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, struct group **result) { int gc_cycle; + int nretries = 0; const uint32_t *len = NULL; size_t lensize = 0; 
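Review bot: The comment `/* nscd is just running gc now. Disable using the mapping. */` in the `out:` block of `__nscd_getai` no longer describes the condition, which now also drops the mapping on the fifth retry and when `retval == -1`. I would reword it, e.g. `/* GC is running, we retried too often, or the lookup failed: stop using the mapping. */`. The retry limit `5` and the `-2` "inconsistent data, retry" value should get names, since both are repeated as bare literals in nscd_getgr_r.c, nscd_gethst_r.c and nscd_getpw_r.c. A line should also state that `-2` must never reach the caller; that depends on `__nscd_drop_map_ref` returning non-zero whenever the earlier `gc_cycle` comparison failed, and its body is not in this diff.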
@@ -97,55 +99,59 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, &__gr_map_handle, &gc_cycle); retry:; - const gr_response_header *gr_resp = NULL; const char *gr_name = NULL; size_t gr_name_len = 0; int retval = -1; const char *recend = (const char *) ~UINTMAX_C (0); + gr_response_header gr_resp; if (mapped != NO_MAPPING) { - const struct datahead *found = __nscd_cache_search (type, key, keylen, - mapped); + struct datahead *found = __nscd_cache_search (type, key, keylen, mapped); if (found != NULL) { - gr_resp = &found->data[0].grdata; - len = (const uint32_t *) (gr_resp + 1); - /* The alignment is always sufficient. */ - assert (((uintptr_t) len & (__alignof__ (*len) - 1)) == 0); + len = (const uint32_t *) (&found->data[0].grdata + 1); + gr_resp = found->data[0].grdata; gr_name = ((const char *) len - + gr_resp->gr_mem_cnt * sizeof (uint32_t)); - gr_name_len = gr_resp->gr_name_len + gr_resp->gr_passwd_len; + + gr_resp.gr_mem_cnt * sizeof (uint32_t)); + gr_name_len = gr_resp.gr_name_len + gr_resp.gr_passwd_len; recend = (const char *) found->data + found->recsize; + /* Now check if we can trust gr_resp fields. If GC is + in progress, it can contain anything. */ + if (mapped->head->gc_cycle != gc_cycle) + { + retval = -2; + goto out; + } + + /* The alignment is always sufficient, unless GC is in progress. */ + assert (((uintptr_t) len & (__alignof__ (*len) - 1)) == 0); } } - gr_response_header gr_resp_mem; int sock = -1; - if (gr_resp == NULL) + if (gr_name == NULL) { - sock = __nscd_open_socket (key, keylen, type, &gr_resp_mem, - sizeof (gr_resp_mem)); + sock = __nscd_open_socket (key, keylen, type, &gr_resp, + sizeof (gr_resp)); if (sock == -1) { __nss_not_use_nscd_group = 1; goto out; } - - gr_resp = &gr_resp_mem; } /* No value found so far. */ *result = NULL; - if (__builtin_expect (gr_resp->found == -1, 0)) + if (__builtin_expect (gr_resp.found == -1, 0)) { /* The daemon does not cache this database. 
*/ __nss_not_use_nscd_group = 1; goto out_close; } - if (gr_resp->found == 1) + if (gr_resp.found == 1) { struct iovec vec[2]; char *p = buffer; @@ -157,8 +163,8 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, align the pointer. */ align = ((__alignof__ (char *) - (p - ((char *) 0))) & (__alignof__ (char *) - 1)); - total_len = (align + (1 + gr_resp->gr_mem_cnt) * sizeof (char *) - + gr_resp->gr_name_len + gr_resp->gr_passwd_len); + total_len = (align + (1 + gr_resp.gr_mem_cnt) * sizeof (char *) + + gr_resp.gr_name_len + gr_resp.gr_passwd_len); if (__builtin_expect (buflen < total_len, 0)) { no_room: @@ -170,16 +176,16 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, p += align; resultbuf->gr_mem = (char **) p; - p += (1 + gr_resp->gr_mem_cnt) * sizeof (char *); + p += (1 + gr_resp.gr_mem_cnt) * sizeof (char *); /* Set pointers for strings. */ resultbuf->gr_name = p; - p += gr_resp->gr_name_len; + p += gr_resp.gr_name_len; resultbuf->gr_passwd = p; - p += gr_resp->gr_passwd_len; + p += gr_resp.gr_passwd_len; /* Fill in what we know now. */ - resultbuf->gr_gid = gr_resp->gr_gid; + resultbuf->gr_gid = gr_resp.gr_gid; /* Read the length information, group name, and password. */ if (gr_name == NULL) 
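Review bot: In `nscd_getgr_r` the alignment `assert` on `len` is kept for a pointer derived from the shared mapping, so with assertions enabled a misaligned record in a damaged database aborts the calling process instead of failing the lookup. nscd_gethst_r.c already handles a misaligned `aliases_len` without asserting. I would replace the assert with `if (((uintptr_t) len & (__alignof__ (*len) - 1)) != 0) goto out;`, which leaves `retval` at -1. The function continues outside this hunk.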
@@ -187,17 +193,17 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, /* Allocate array to store lengths. */ if (lensize == 0) { - lensize = gr_resp->gr_mem_cnt * sizeof (uint32_t); + lensize = gr_resp.gr_mem_cnt * sizeof (uint32_t); len = (uint32_t *) alloca (lensize); } - else if (gr_resp->gr_mem_cnt * sizeof (uint32_t) > lensize) + else if (gr_resp.gr_mem_cnt * sizeof (uint32_t) > lensize) len = extend_alloca (len, lensize, - gr_resp->gr_mem_cnt * sizeof (uint32_t)); + gr_resp.gr_mem_cnt * sizeof (uint32_t)); vec[0].iov_base = (void *) len; - vec[0].iov_len = gr_resp->gr_mem_cnt * sizeof (uint32_t); + vec[0].iov_len = gr_resp.gr_mem_cnt * sizeof (uint32_t); vec[1].iov_base = resultbuf->gr_name; - vec[1].iov_len = gr_resp->gr_name_len + gr_resp->gr_passwd_len; + vec[1].iov_len = gr_resp.gr_name_len + gr_resp.gr_passwd_len; total_len = vec[0].iov_len + vec[1].iov_len; /* Get this data. */ @@ -209,14 +215,14 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, /* We already have the data. Just copy the group name and password. */ memcpy (resultbuf->gr_name, gr_name, - gr_resp->gr_name_len + gr_resp->gr_passwd_len); + gr_resp.gr_name_len + gr_resp.gr_passwd_len); /* Clear the terminating entry. */ - resultbuf->gr_mem[gr_resp->gr_mem_cnt] = NULL; + resultbuf->gr_mem[gr_resp.gr_mem_cnt] = NULL; /* Prepare reading the group members. */ total_len = 0; - for (cnt = 0; cnt < gr_resp->gr_mem_cnt; ++cnt) + for (cnt = 0; cnt < gr_resp.gr_mem_cnt; ++cnt) { resultbuf->gr_mem[cnt] = p; total_len += len[cnt]; 
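Review bot: In `nscd_getgr_r` (hunk at -209) the mapped-cache path copies `gr_resp.gr_name_len + gr_resp.gr_passwd_len` bytes from `gr_name` before anything visible compares that range with `recend`. The only bound check in view, `gr_name + gr_name_len + total_len > recend`, comes after the copy and after the loop that reads `len[cnt]`. The destination is covered by the earlier `buflen` test, but the source read is not, so a bad length in a damaged record can read beyond the record. I would add `if (gr_name + gr_name_len > recend) goto out;` in the `found != NULL` block, after the `gc_cycle` test.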
@@ -224,9 +230,25 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, } if (__builtin_expect (gr_name + gr_name_len + total_len > recend, 0)) - goto out_close; + { + /* len array might contain garbage during nscd GC cycle, + retry rather than fail in that case. */ + if (gr_name != NULL && mapped->head->gc_cycle != gc_cycle) + retval = -2; + goto out_close; + } if (__builtin_expect (total_len > buflen, 0)) - goto no_room; + { + /* len array might contain garbage during nscd GC cycle, + retry rather than fail in that case. */ + if (gr_name != NULL && mapped->head->gc_cycle != gc_cycle) + { + retval = -2; + goto out_close; + } + else + goto no_room; + } retval = 0; if (gr_name == NULL) @@ -248,14 +270,14 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, /* Try to detect corrupt databases. */ if (resultbuf->gr_name[gr_name_len - 1] != '\0' - || resultbuf->gr_passwd[gr_resp->gr_passwd_len - 1] != '\0' - || ({for (cnt = 0; cnt < gr_resp->gr_mem_cnt; ++cnt) + || resultbuf->gr_passwd[gr_resp.gr_passwd_len - 1] != '\0' + || ({for (cnt = 0; cnt < gr_resp.gr_mem_cnt; ++cnt) if (resultbuf->gr_mem[cnt][len[cnt] - 1] != '\0') break; - cnt < gr_resp->gr_mem_cnt; })) + cnt < gr_resp.gr_mem_cnt; })) { /* We cannot use the database. */ - retval = -1; + retval = mapped->head->gc_cycle != gc_cycle ? -2 : -1; goto out_close; } 
@@ -274,19 +296,21 @@ nscd_getgr_r (const char *key, size_t keylen, request_type type, if (sock != -1) close_not_cancel_no_status (sock); out: - if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1) + if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0) { /* When we come here this means there has been a GC cycle while we were looking for the data. This means the data might have been inconsistent. Retry if possible. */ - if ((gc_cycle & 1) != 0) + if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1) { /* nscd is just running gc now. Disable using the mapping. */ - __nscd_unmap (mapped); + if (atomic_decrement_val (&mapped->counter) == 0) + __nscd_unmap (mapped); mapped = NO_MAPPING; } - goto retry; + if (retval != -1) + goto retry; } return retval; diff --git a/nscd/nscd_gethst_r.c b/nscd/nscd_gethst_r.c index 516977bcc4..90e1815bdd 100644 --- a/nscd/nscd_gethst_r.c +++ b/nscd/nscd_gethst_r.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1998-2005, 2006 Free Software Foundation, Inc. +/* Copyright (C) 1998-2005, 2006, 2007 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998. @@ -118,7 +118,6 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, &gc_cycle); retry:; - const hst_response_header *hst_resp = NULL; const char *h_name = NULL; const uint32_t *aliases_len = NULL; const char *addr_list = NULL; 
@@ -126,18 +125,27 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, int retval = -1; const char *recend = (const char *) ~UINTMAX_C (0); int sock = -1; + hst_response_header hst_resp; if (mapped != NO_MAPPING) { - const struct datahead *found = __nscd_cache_search (type, key, keylen, - mapped); + /* No const qualifier, as it can change during garbage collection. */ + struct datahead *found = __nscd_cache_search (type, key, keylen, mapped); if (found != NULL) { - hst_resp = &found->data[0].hstdata; - h_name = (char *) (hst_resp + 1); - aliases_len = (uint32_t *) (h_name + hst_resp->h_name_len); + h_name = (char *) (&found->data[0].hstdata + 1); + hst_resp = found->data[0].hstdata; + aliases_len = (uint32_t *) (h_name + hst_resp.h_name_len); addr_list = ((char *) aliases_len - + hst_resp->h_aliases_cnt * sizeof (uint32_t)); - addr_list_len = hst_resp->h_addr_list_cnt * INADDRSZ; + + hst_resp.h_aliases_cnt * sizeof (uint32_t)); + addr_list_len = hst_resp.h_addr_list_cnt * INADDRSZ; + recend = (const char *) found->data + found->recsize; + /* Now check if we can trust hst_resp fields. If GC is + in progress, it can contain anything. */ + if (mapped->head->gc_cycle != gc_cycle) + { + retval = -2; + goto out; + } #ifndef _STRING_ARCH_unaligned /* The aliases_len array in the mapped database might very 
@@ -147,51 +155,47 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, if (((uintptr_t) aliases_len & (__alignof__ (*aliases_len) - 1)) != 0) { - uint32_t *tmp = alloca (hst_resp->h_aliases_cnt + uint32_t *tmp = alloca (hst_resp.h_aliases_cnt * sizeof (uint32_t)); aliases_len = memcpy (tmp, aliases_len, - hst_resp->h_aliases_cnt + hst_resp.h_aliases_cnt * sizeof (uint32_t)); } #endif if (type != GETHOSTBYADDR && type != GETHOSTBYNAME) { - if (hst_resp->h_length == INADDRSZ) + if (hst_resp.h_length == INADDRSZ) addr_list += addr_list_len; - addr_list_len = hst_resp->h_addr_list_cnt * IN6ADDRSZ; + addr_list_len = hst_resp.h_addr_list_cnt * IN6ADDRSZ; } - recend = (const char *) found->data + found->recsize; if (__builtin_expect ((const char *) addr_list + addr_list_len > recend, 0)) - goto out_close; + goto out; } } - hst_response_header hst_resp_mem; - if (hst_resp == NULL) + if (h_name == NULL) { - sock = __nscd_open_socket (key, keylen, type, &hst_resp_mem, - sizeof (hst_resp_mem)); + sock = __nscd_open_socket (key, keylen, type, &hst_resp, + sizeof (hst_resp)); if (sock == -1) { __nss_not_use_nscd_hosts = 1; - goto out;; + goto out; } - - hst_resp = &hst_resp_mem; } /* No value found so far. */ *result = NULL; - if (__builtin_expect (hst_resp->found == -1, 0)) + if (__builtin_expect (hst_resp.found == -1, 0)) { /* The daemon does not cache this database. */ __nss_not_use_nscd_hosts = 1; goto out_close; } - if (hst_resp->found == 1) + if (hst_resp.found == 1) { struct iovec vec[4]; char *cp = buffer; 
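Review bot: In the `#ifndef _STRING_ARCH_unaligned` block of `nscd_gethst_r`, `alloca (hst_resp.h_aliases_cnt * sizeof (uint32_t))` and the following `memcpy` are sized by a count taken from the mapped record before the `addr_list + addr_list_len > recend` test runs. A bad count in a damaged record therefore sets both the stack allocation and the length read from the mapping. Since this commit already moves the `recend` assignment up, I would add `if ((const char *) addr_list > recend) goto out;` ahead of the `#ifndef`. `addr_list` is `aliases_len` plus the array size, so that test bounds the copy by the record size.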
@@ -207,15 +211,15 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, align the pointer and the base of the h_addr_list pointers. */ align1 = ((__alignof__ (char *) - (cp - ((char *) 0))) & (__alignof__ (char *) - 1)); - align2 = ((__alignof__ (char *) - ((cp + align1 + hst_resp->h_name_len) + align2 = ((__alignof__ (char *) - ((cp + align1 + hst_resp.h_name_len) - ((char *) 0))) & (__alignof__ (char *) - 1)); - if (buflen < (align1 + hst_resp->h_name_len + align2 - + ((hst_resp->h_aliases_cnt + hst_resp->h_addr_list_cnt + if (buflen < (align1 + hst_resp.h_name_len + align2 + + ((hst_resp.h_aliases_cnt + hst_resp.h_addr_list_cnt + 2) * sizeof (char *)) - + hst_resp->h_addr_list_cnt * (type == AF_INET - ? INADDRSZ : IN6ADDRSZ))) + + hst_resp.h_addr_list_cnt * (type == AF_INET + ? INADDRSZ : IN6ADDRSZ))) { no_room: *h_errnop = NETDB_INTERNAL; @@ -227,12 +231,12 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, /* Prepare the result as far as we can. */ resultbuf->h_aliases = (char **) cp; - cp += (hst_resp->h_aliases_cnt + 1) * sizeof (char *); + cp += (hst_resp.h_aliases_cnt + 1) * sizeof (char *); resultbuf->h_addr_list = (char **) cp; - cp += (hst_resp->h_addr_list_cnt + 1) * sizeof (char *); + cp += (hst_resp.h_addr_list_cnt + 1) * sizeof (char *); resultbuf->h_name = cp; - cp += hst_resp->h_name_len + align2; + cp += hst_resp.h_name_len + align2; if (type == GETHOSTBYADDR || type == GETHOSTBYNAME) { @@ -244,7 +248,7 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, resultbuf->h_addrtype = AF_INET6; resultbuf->h_length = IN6ADDRSZ; } - for (cnt = 0; cnt < hst_resp->h_addr_list_cnt; ++cnt) + for (cnt = 0; cnt < hst_resp.h_addr_list_cnt; ++cnt) { resultbuf->h_addr_list[cnt] = cp; cp += resultbuf->h_length; 
@@ -254,47 +258,47 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, if (h_name == NULL) { vec[0].iov_base = resultbuf->h_name; - vec[0].iov_len = hst_resp->h_name_len; - total_len = hst_resp->h_name_len; + vec[0].iov_len = hst_resp.h_name_len; + total_len = hst_resp.h_name_len; n = 1; - if (hst_resp->h_aliases_cnt > 0) + if (hst_resp.h_aliases_cnt > 0) { - aliases_len = alloca (hst_resp->h_aliases_cnt + aliases_len = alloca (hst_resp.h_aliases_cnt * sizeof (uint32_t)); vec[n].iov_base = (void *) aliases_len; - vec[n].iov_len = hst_resp->h_aliases_cnt * sizeof (uint32_t); + vec[n].iov_len = hst_resp.h_aliases_cnt * sizeof (uint32_t); - total_len += hst_resp->h_aliases_cnt * sizeof (uint32_t); + total_len += hst_resp.h_aliases_cnt * sizeof (uint32_t); ++n; } if (type == GETHOSTBYADDR || type == GETHOSTBYNAME) { vec[n].iov_base = resultbuf->h_addr_list[0]; - vec[n].iov_len = hst_resp->h_addr_list_cnt * INADDRSZ; + vec[n].iov_len = hst_resp.h_addr_list_cnt * INADDRSZ; - total_len += hst_resp->h_addr_list_cnt * INADDRSZ; + total_len += hst_resp.h_addr_list_cnt * INADDRSZ; ++n; } else { - if (hst_resp->h_length == INADDRSZ) + if (hst_resp.h_length == INADDRSZ) { - ignore = alloca (hst_resp->h_addr_list_cnt * INADDRSZ); + ignore = alloca (hst_resp.h_addr_list_cnt * INADDRSZ); vec[n].iov_base = ignore; - vec[n].iov_len = hst_resp->h_addr_list_cnt * INADDRSZ; + vec[n].iov_len = hst_resp.h_addr_list_cnt * INADDRSZ; - total_len += hst_resp->h_addr_list_cnt * INADDRSZ; + total_len += hst_resp.h_addr_list_cnt * INADDRSZ; ++n; } vec[n].iov_base = resultbuf->h_addr_list[0]; - vec[n].iov_len = hst_resp->h_addr_list_cnt * IN6ADDRSZ; + vec[n].iov_len = hst_resp.h_addr_list_cnt * IN6ADDRSZ; - total_len += hst_resp->h_addr_list_cnt * IN6ADDRSZ; + total_len += hst_resp.h_addr_list_cnt * IN6ADDRSZ; ++n; } 
@@ -304,13 +308,13 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, } else { - memcpy (resultbuf->h_name, h_name, hst_resp->h_name_len); + memcpy (resultbuf->h_name, h_name, hst_resp.h_name_len); memcpy (resultbuf->h_addr_list[0], addr_list, addr_list_len); } /* Now we also can read the aliases. */ total_len = 0; - for (cnt = 0; cnt < hst_resp->h_aliases_cnt; ++cnt) + for (cnt = 0; cnt < hst_resp.h_aliases_cnt; ++cnt) { resultbuf->h_aliases[cnt] = cp; cp += aliases_len[cnt]; @@ -320,10 +324,25 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, if (__builtin_expect ((const char *) addr_list + addr_list_len + total_len > recend, 0)) - goto out_close; + { + /* aliases_len array might contain garbage during nscd GC cycle, + retry rather than fail in that case. */ + if (addr_list != NULL && mapped->head->gc_cycle != gc_cycle) + retval = -2; + goto out_close; + } /* See whether this would exceed the buffer capacity. */ if (__builtin_expect (cp > buffer + buflen, 0)) - goto no_room; + { + /* aliases_len array might contain garbage during nscd GC cycle, + retry rather than fail in that case. */ + if (addr_list != NULL && mapped->head->gc_cycle != gc_cycle) + { + retval = -2; + goto out_close; + } + goto no_room; + } /* And finally read the aliases. */ if (addr_list == NULL) 
@@ -342,14 +361,18 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, (const char *) addr_list + addr_list_len, total_len); /* Try to detect corrupt databases. */ - if (resultbuf->h_name[hst_resp->h_name_len - 1] != '\0' - || ({for (cnt = 0; cnt < hst_resp->h_aliases_cnt; ++cnt) + if (resultbuf->h_name[hst_resp.h_name_len - 1] != '\0' + || ({for (cnt = 0; cnt < hst_resp.h_aliases_cnt; ++cnt) if (resultbuf->h_aliases[cnt][aliases_len[cnt] - 1] != '\0') break; - cnt < hst_resp->h_aliases_cnt; })) - /* We cannot use the database. */ - goto out_close; + cnt < hst_resp.h_aliases_cnt; })) + { + /* We cannot use the database. */ + if (mapped->head->gc_cycle != gc_cycle) + retval = -2; + goto out_close; + } retval = 0; *result = resultbuf; @@ -358,7 +381,7 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, else { /* Store the error number. */ - *h_errnop = hst_resp->error; + *h_errnop = hst_resp.error; /* The `errno' to some value != ERANGE. */ __set_errno (ENOENT); @@ -370,19 +393,21 @@ nscd_gethst_r (const char *key, size_t keylen, request_type type, if (sock != -1) close_not_cancel_no_status (sock); out: - if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1) + if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0) { /* When we come here this means there has been a GC cycle while we were looking for the data. This means the data might have been inconsistent. Retry if possible. */ - if ((gc_cycle & 1) != 0 || ++nretries == 5) + if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1) { /* nscd is just running gc now. Disable using the mapping. */ - __nscd_unmap (mapped); + if (atomic_decrement_val (&mapped->counter) == 0) + __nscd_unmap (mapped); mapped = NO_MAPPING; } - goto retry; + if (retval != -1) + goto retry; } return retval; diff --git a/nscd/nscd_getpw_r.c b/nscd/nscd_getpw_r.c index e8e4d7364f..b84baa1a66 100644 --- a/nscd/nscd_getpw_r.c +++ b/nscd/nscd_getpw_r.c 
@@ -1,4 +1,5 @@ -/* Copyright (C) 1998, 1999, 2003, 2004, 2005 Free Software Foundation, Inc. +/* Copyright (C) 1998, 1999, 2003, 2004, 2005, 2007 + Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Thorsten Kukuk <kukuk@uni-paderborn.de>, 1998. 
@@ -88,76 +89,81 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type, struct passwd **result) { int gc_cycle; + int nretries = 0; + /* If the mapping is available, try to search there instead of communicating with the nscd. */ struct mapped_database *mapped; mapped = __nscd_get_map_ref (GETFDPW, "passwd", &map_handle, &gc_cycle); retry:; - const pw_response_header *pw_resp = NULL; const char *pw_name = NULL; int retval = -1; const char *recend = (const char *) ~UINTMAX_C (0); + pw_response_header pw_resp; if (mapped != NO_MAPPING) { - const struct datahead *found = __nscd_cache_search (type, key, keylen, - mapped); + struct datahead *found = __nscd_cache_search (type, key, keylen, mapped); if (found != NULL) { - pw_resp = &found->data[0].pwdata; - pw_name = (const char *) (pw_resp + 1); + pw_name = (const char *) (&found->data[0].pwdata + 1); + pw_resp = found->data[0].pwdata; recend = (const char *) found->data + found->recsize; + /* Now check if we can trust pw_resp fields. If GC is + in progress, it can contain anything. */ + if (mapped->head->gc_cycle != gc_cycle) + { + retval = -2; + goto out; + } } } - pw_response_header pw_resp_mem; int sock = -1; - if (pw_resp == NULL) + if (pw_name == NULL) { - sock = __nscd_open_socket (key, keylen, type, &pw_resp_mem, - sizeof (pw_resp_mem)); + sock = __nscd_open_socket (key, keylen, type, &pw_resp, + sizeof (pw_resp)); if (sock == -1) { __nss_not_use_nscd_passwd = 1; goto out; } - - pw_resp = &pw_resp_mem; } /* No value found so far. */ *result = NULL; - if (__builtin_expect (pw_resp->found == -1, 0)) + if (__builtin_expect (pw_resp.found == -1, 0)) { /* The daemon does not cache this database. */ __nss_not_use_nscd_passwd = 1; goto out_close; } - if (pw_resp->found == 1) + if (pw_resp.found == 1) { /* Set the information we already have. 
*/ - resultbuf->pw_uid = pw_resp->pw_uid; - resultbuf->pw_gid = pw_resp->pw_gid; + resultbuf->pw_uid = pw_resp.pw_uid; + resultbuf->pw_gid = pw_resp.pw_gid; char *p = buffer; /* get pw_name */ resultbuf->pw_name = p; - p += pw_resp->pw_name_len; + p += pw_resp.pw_name_len; /* get pw_passwd */ resultbuf->pw_passwd = p; - p += pw_resp->pw_passwd_len; + p += pw_resp.pw_passwd_len; /* get pw_gecos */ resultbuf->pw_gecos = p; - p += pw_resp->pw_gecos_len; + p += pw_resp.pw_gecos_len; /* get pw_dir */ resultbuf->pw_dir = p; - p += pw_resp->pw_dir_len; + p += pw_resp.pw_dir_len; /* get pw_pshell */ resultbuf->pw_shell = p; - p += pw_resp->pw_shell_len; + p += pw_resp.pw_shell_len; ssize_t total = p - buffer; if (__builtin_expect (pw_name + total > recend, 0)) @@ -189,14 +195,14 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type, memcpy (resultbuf->pw_name, pw_name, total); /* Try to detect corrupt databases. */ - if (resultbuf->pw_name[pw_resp->pw_name_len - 1] != '\0' - || resultbuf->pw_passwd[pw_resp->pw_passwd_len - 1] != '\0' - || resultbuf->pw_gecos[pw_resp->pw_gecos_len - 1] != '\0' - || resultbuf->pw_dir[pw_resp->pw_dir_len - 1] != '\0' - || resultbuf->pw_shell[pw_resp->pw_shell_len - 1] != '\0') + if (resultbuf->pw_name[pw_resp.pw_name_len - 1] != '\0' + || resultbuf->pw_passwd[pw_resp.pw_passwd_len - 1] != '\0' + || resultbuf->pw_gecos[pw_resp.pw_gecos_len - 1] != '\0' + || resultbuf->pw_dir[pw_resp.pw_dir_len - 1] != '\0' + || resultbuf->pw_shell[pw_resp.pw_shell_len - 1] != '\0') { /* We cannot use the database. */ - retval = -1; + retval = mapped->head->gc_cycle != gc_cycle ? -2 : -1; goto out_close; } 
@@ -215,19 +221,21 @@ nscd_getpw_r (const char *key, size_t keylen, request_type type, if (sock != -1) close_not_cancel_no_status (sock); out: - if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1) + if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0) { /* When we come here this means there has been a GC cycle while we were looking for the data. This means the data might have been inconsistent. Retry if possible. */ - if ((gc_cycle & 1) != 0) + if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1) { /* nscd is just running gc now. Disable using the mapping. */ - __nscd_unmap (mapped); + if (atomic_decrement_val (&mapped->counter) == 0) + __nscd_unmap (mapped); mapped = NO_MAPPING; } - goto retry; + if (retval != -1) + goto retry; } return retval; diff --git a/nscd/nscd_helper.c b/nscd/nscd_helper.c index 7c45981586..71ea53e19d 100644 --- a/nscd/nscd_helper.c +++ b/nscd/nscd_helper.c @@ -1,4 +1,5 @@ -/* Copyright (C) 1998-2002,2003,2004,2005,2006 Free Software Foundation, Inc. +/* Copyright (C) 1998-2002,2003,2004,2005,2006,2007 + Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998. @@ -21,6 +22,7 @@ #include <errno.h> #include <fcntl.h> #include <stdbool.h> +#include <string.h> #include <time.h> #include <unistd.h> #include <sys/mman.h> @@ -186,6 +188,7 @@ get_mapping (request_type type, const char *key, request_header req; char key[keylen]; } reqdata; + size_t real_sizeof_reqdata = sizeof (request_header) + keylen; int sock = open_socket (); if (sock < 0) @@ -200,9 +203,9 @@ get_mapping (request_type type, const char *key, # define MSG_NOSIGNAL 0 # endif if (__builtin_expect (TEMP_FAILURE_RETRY (__send (sock, &reqdata, - sizeof (reqdata), + real_sizeof_reqdata, MSG_NOSIGNAL)) - != sizeof (reqdata), 0)) + != real_sizeof_reqdata, 0)) /* We cannot even write the request. */ goto out_close2; 
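Review bot: The comment `/* nscd is just running gc now. Disable using the mapping. */` no longer matches the condition it sits under, which now also fires on `++nretries == 5` and on `retval == -1`. I would reword it to cover all three cases, e.g. `/* GC in progress, too many retries, or a hard failure: stop using the mapping.  */`, and give the retry limit a name instead of the bare `5`. The identical block is added at the `out:` label of `__nscd_getgrouplist` in nscd/nscd_initgroups.c, so one shared constant would keep the two in step. The function this label belongs to begins outside the hunk.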
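Review bot: `real_sizeof_reqdata` in `get_mapping` is introduced without a comment saying why `sizeof (reqdata)` is wrong. Presumably the trailing padding after `char key[keylen]` made the old send longer than header plus key, which would put uninitialised stack bytes on the socket. A line such as `/* sizeof (reqdata) may include trailing padding; send only header + key.  */` above the declaration would keep someone from simplifying it back. The following hunk (`@@ -200,9 +203,9 @@`) uses the new value for both the `__send` length and the result comparison, and `get_mapping` begins and ends outside both hunks.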
@@ -240,11 +243,12 @@ get_mapping (request_type type, const char *key, != keylen, 0)) goto out_close2; - mapfd = *(int *) CMSG_DATA (cmsg); + if (__builtin_expect (CMSG_FIRSTHDR (&msg) == NULL + || (CMSG_FIRSTHDR (&msg)->cmsg_len + != CMSG_LEN (sizeof (int))), 0)) + goto out_close2; - if (__builtin_expect (CMSG_FIRSTHDR (&msg)->cmsg_len - != CMSG_LEN (sizeof (int)), 0)) - goto out_close; + mapfd = *(int *) CMSG_DATA (cmsg); struct stat64 st; if (__builtin_expect (strcmp (resdata, key) != 0, 0) @@ -362,7 +366,10 @@ __nscd_get_map_ref (request_type type, const char *name, } -const struct datahead * +/* Don't return const struct datahead *, as eventhough the record + is normally constant, it can change arbitrarily during nscd + garbage collection. */ +struct datahead * __nscd_cache_search (request_type type, const char *key, size_t keylen, const struct mapped_database *mapped) { 
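Review bot: The added condition validates only `cmsg_len`, so `mapfd = *(int *) CMSG_DATA (cmsg);` still accepts any control message of that size as a descriptor. I would extend the same condition with `|| CMSG_FIRSTHDR (&msg)->cmsg_level != SOL_SOCKET || CMSG_FIRSTHDR (&msg)->cmsg_type != SCM_RIGHTS` before the payload is read. The check inspects `CMSG_FIRSTHDR (&msg)` while the read goes through `cmsg`, which is assigned outside this hunk. Using one pointer for both would make it plain that the header checked is the header used.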
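Review bot: The new comment above `__nscd_cache_search` explains why `const` was dropped but not what a caller has to do about it, and it contains the typo "eventhough". Suggested wording: `/* Not const: the record can change at any time during nscd garbage collection, so callers must copy what they need and re-check gc_cycle before trusting it.  */`. That is what the callers touched by this commit (`nscd_getpw_r`, `__nscd_getgrouplist`) now do, so the comment would document the contract rather than only the type.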
@@ -374,16 +381,32 @@ __nscd_cache_search (request_type type, const char *key, size_t keylen, { struct hashentry *here = (struct hashentry *) (mapped->data + work); +#ifndef _STRING_ARCH_unaligned + /* Although during garbage collection when moving struct hashentry + records around we first copy from old to new location and then + adjust pointer from previous hashentry to it, there is no barrier + between those memory writes. It is very unlikely to hit it, + so check alignment only if a misaligned load can crash the + application. */ + if ((uintptr_t) here & (__alignof__ (*here) - 1)) + return NULL; +#endif + if (type == here->type && keylen == here->len - && here->key + here->len <= datasize + && here->key + keylen <= datasize && memcmp (key, mapped->data + here->key, keylen) == 0 && here->packet + sizeof (struct datahead) <= datasize) { /* We found the entry. Increment the appropriate counter. */ - const struct datahead *dh + struct datahead *dh = (struct datahead *) (mapped->data + here->packet); +#ifndef _STRING_ARCH_unaligned + if ((uintptr_t) dh & (__alignof__ (*dh) - 1)) + return NULL; +#endif + /* See whether we must ignore the entry or whether something is wrong because garbage collection is in progress. */ if (dh->usable && here->packet + dh->allocsize <= datasize) diff --git a/nscd/nscd_initgroups.c b/nscd/nscd_initgroups.c index 97a037d4a9..866455a96c 100644 --- a/nscd/nscd_initgroups.c +++ b/nscd/nscd_initgroups.c @@ -1,4 +1,4 @@ -/* Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. +/* Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@redhat.com>, 2004. @@ -39,6 +39,7 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size, { size_t userlen = strlen (user) + 1; int gc_cycle; + int nretries = 0; /* If the mapping is available, try to search there instead of communicating with the nscd. */ 
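Review bot: `here->key` and `here->packet` are each read from the shared mapping twice in `__nscd_cache_search`, once in the bound check and again to form the address given to `memcmp` and assigned to `dh`. The comment added in this hunk says records are moved during garbage collection without barriers, so the second read may yield a different offset from the one that was checked. Reading each offset once into a local and using it for both the comparison and the address closes that gap, provided the read is one the compiler cannot repeat. The switch from `here->len` to `keylen` in this hunk already applies the idea to the length. `here->packet + dh->allocsize` on the last line needs the same local, and the loop continues outside the hunk.

```c
/* … unchanged: alignment check on here … */
ref_t here_key = here->key;        /* read each offset exactly once */
ref_t here_packet = here->packet;

if (type == here->type
    && keylen == here->len
    && here_key + keylen <= datasize
    && memcmp (key, mapped->data + here_key, keylen) == 0
    && here_packet + sizeof (struct datahead) <= datasize)
  {
    struct datahead *dh
      = (struct datahead *) (mapped->data + here_packet);
    /* … unchanged: alignment check on dh, usable / allocsize test … */
```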
@@ -46,44 +47,49 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size, mapped = __nscd_get_map_ref (GETFDGR, "group", &__gr_map_handle, &gc_cycle); retry:; - const initgr_response_header *initgr_resp = NULL; char *respdata = NULL; int retval = -1; int sock = -1; + initgr_response_header initgr_resp; if (mapped != NO_MAPPING) { - const struct datahead *found = __nscd_cache_search (INITGROUPS, user, - userlen, mapped); + struct datahead *found = __nscd_cache_search (INITGROUPS, user, + userlen, mapped); if (found != NULL) { - initgr_resp = &found->data[0].initgrdata; - respdata = (char *) (initgr_resp + 1); + respdata = (char *) (&found->data[0].initgrdata + 1); + initgr_resp = found->data[0].initgrdata; char *recend = (char *) found->data + found->recsize; - if (respdata + initgr_resp->ngrps * sizeof (int32_t) > recend) + /* Now check if we can trust initgr_resp fields. If GC is + in progress, it can contain anything. */ + if (mapped->head->gc_cycle != gc_cycle) + { + retval = -2; + goto out; + } + + if (respdata + initgr_resp.ngrps * sizeof (int32_t) > recend) goto out; } } /* If we do not have the cache mapped, try to get the data over the socket. */ - initgr_response_header initgr_resp_mem; - if (initgr_resp == NULL) + if (respdata == NULL) { - sock = __nscd_open_socket (user, userlen, INITGROUPS, &initgr_resp_mem, - sizeof (initgr_resp_mem)); + sock = __nscd_open_socket (user, userlen, INITGROUPS, &initgr_resp, + sizeof (initgr_resp)); if (sock == -1) { /* nscd not running or wrong version. */ __nss_not_use_nscd_group = 1; goto out; } - - initgr_resp = &initgr_resp_mem; } - if (initgr_resp->found == 1) + if (initgr_resp.found == 1) { /* The following code assumes that gid_t and int32_t are the same size. This is the case for al existing implementation. 
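Review bot: The bound check `respdata + initgr_resp.ngrps * sizeof (int32_t) > recend` does not reject a negative `ngrps`: the multiplication converts it to a very large unsigned value and the pointer sum can wrap below `recend`. The only other guard is `assert (initgr_resp.ngrps >= 0)` in the next hunk (`@@ -91,40 +97,40 @@`), which aborts the calling process or disappears under NDEBUG, and which is also all that covers the socket path. Comparing counts instead of pointers avoids both problems: `if (initgr_resp.ngrps < 0 || recend < respdata || (size_t) initgr_resp.ngrps > (size_t) (recend - respdata) / sizeof (int32_t)) goto out;`, with an explicit `ngrps < 0` failure in place of the assert. The type of `ngrps` is declared outside this diff, so its signedness is inferred from the assert.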
@@ -91,40 +97,40 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size, doesn't use memcpy but instead copies each array element one by one. */ assert (sizeof (int32_t) == sizeof (gid_t)); - assert (initgr_resp->ngrps >= 0); + assert (initgr_resp.ngrps >= 0); /* Make sure we have enough room. We always count GROUP in even though we might not end up adding it. */ - if (*size < initgr_resp->ngrps + 1) + if (*size < initgr_resp.ngrps + 1) { gid_t *newp = realloc (*groupsp, - (initgr_resp->ngrps + 1) * sizeof (gid_t)); + (initgr_resp.ngrps + 1) * sizeof (gid_t)); if (newp == NULL) /* We cannot increase the buffer size. */ goto out_close; *groupsp = newp; - *size = initgr_resp->ngrps + 1; + *size = initgr_resp.ngrps + 1; } if (respdata == NULL) { /* Read the data from the socket. */ - if ((size_t) __readall (sock, *groupsp, initgr_resp->ngrps + if ((size_t) __readall (sock, *groupsp, initgr_resp.ngrps * sizeof (gid_t)) - == initgr_resp->ngrps * sizeof (gid_t)) - retval = initgr_resp->ngrps; + == initgr_resp.ngrps * sizeof (gid_t)) + retval = initgr_resp.ngrps; } else { /* Just copy the data. */ - retval = initgr_resp->ngrps; + retval = initgr_resp.ngrps; memcpy (*groupsp, respdata, retval * sizeof (gid_t)); } } else { - if (__builtin_expect (initgr_resp->found == -1, 0)) + if (__builtin_expect (initgr_resp.found == -1, 0)) { /* The daemon does not cache this database. */ __nss_not_use_nscd_group = 1; 
@@ -153,19 +159,21 @@ __nscd_getgrouplist (const char *user, gid_t group, long int *size, if (sock != -1) close_not_cancel_no_status (sock); out: - if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0 && retval != -1) + if (__nscd_drop_map_ref (mapped, &gc_cycle) != 0) { /* When we come here this means there has been a GC cycle while we were looking for the data. This means the data might have been inconsistent. Retry if possible. */ - if ((gc_cycle & 1) != 0) + if ((gc_cycle & 1) != 0 || ++nretries == 5 || retval == -1) { /* nscd is just running gc now. Disable using the mapping. */ - __nscd_unmap (mapped); + if (atomic_decrement_val (&mapped->counter) == 0) + __nscd_unmap (mapped); mapped = NO_MAPPING; } - goto retry; + if (retval != -1) + goto retry; } return retval; diff --git a/nscd/pwdcache.c b/nscd/pwdcache.c index 01c223add5..ae579df510 100644 --- a/nscd/pwdcache.c +++ b/nscd/pwdcache.c @@ -1,5 +1,5 @@ /* Cache handling for passwd lookup. - Copyright (C) 1998-2005, 2006 Free Software Foundation, Inc. + Copyright (C) 1998-2005, 2006, 2007 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@cygnus.com>, 1998. @@ -274,6 +274,7 @@ cache_addpw (struct database_dyn *db, int fd, request_header *req, { /* Adjust pointer into the memory block. */ cp = (char *) newp + (cp - (char *) dataset); + key_copy = (char *) newp + (key_copy - (char *) dataset); dataset = memcpy (newp, dataset, total + n); alloca_used = false; diff --git a/nscd/selinux.c b/nscd/selinux.c index f0620d1012..b826031150 100644 --- a/nscd/selinux.c +++ b/nscd/selinux.c @@ -1,5 +1,5 @@ /* SELinux access controls for nscd. - Copyright (C) 2004, 2005, 2006 Free Software Foundation, Inc. + Copyright (C) 2004, 2005, 2006, 2007 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Matthew Rickard <mjricka@epoch.ncsc.mil>, 2004. 
@@ -182,18 +182,22 @@ preserve_capabilities (void) if (tmp_caps == NULL || new_caps == NULL) { if (tmp_caps != NULL) - free_caps (tmp_caps); + cap_free (tmp_caps); dbg_log (_("Failed to initialize drop of capabilities")); error (EXIT_FAILURE, 0, _("cap_init failed")); } /* There is no reason why these should not work. */ - cap_set_flag (new_caps, CAP_PERMITTED, nnew_cap_list, new_cap_list, CAP_SET); - cap_set_flag (new_caps, CAP_EFFECTIVE, nnew_cap_list, new_cap_list, CAP_SET); + cap_set_flag (new_caps, CAP_PERMITTED, nnew_cap_list, + (cap_value_t *) new_cap_list, CAP_SET); + cap_set_flag (new_caps, CAP_EFFECTIVE, nnew_cap_list, + (cap_value_t *) new_cap_list, CAP_SET); - cap_set_flag (tmp_caps, CAP_PERMITTED, ntmp_cap_list, tmp_cap_list, CAP_SET); - cap_set_flag (tmp_caps, CAP_EFFECTIVE, ntmp_cap_list, tmp_cap_list, CAP_SET); + cap_set_flag (tmp_caps, CAP_PERMITTED, ntmp_cap_list, + (cap_value_t *) tmp_cap_list, CAP_SET); + cap_set_flag (tmp_caps, CAP_EFFECTIVE, ntmp_cap_list, + (cap_value_t *) tmp_cap_list, CAP_SET); int res = cap_set_proc (tmp_caps); @@ -202,7 +206,7 @@ preserve_capabilities (void) if (__builtin_expect (res != 0, 0)) { cap_free (new_caps); - dbg_log (_("Failed to drop capabilities")); + dbg_log (_("Failed to drop capabilities\n")); error (EXIT_FAILURE, 0, _("cap_set_proc failed")); } diff --git a/nscd/selinux.h b/nscd/selinux.h index 9ce0628486..27afcd6e86 100644 --- a/nscd/selinux.h +++ b/nscd/selinux.h @@ -1,5 +1,5 @@ /* Header for nscd SELinux access controls. - Copyright (C) 2004, 2006 Free Software Foundation, Inc. + Copyright (C) 2004, 2006, 2007 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Matthew Rickard <mjricka@epoch.ncsc.mil>, 2004. @@ -23,7 +23,7 @@ #include "nscd.h" #ifdef HAVE_LIBCAP -# include <sys/capabilities.h> +# include <sys/capability.h> #endif #ifdef HAVE_SELINUX |
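Review bot: The four `cap_set_flag` calls rewritten in `preserve_capabilities` still discard their return value, backed only by the comment "There is no reason why these should not work". This is the code that narrows the daemon's privileges, so a failure there would go unnoticed and `cap_set_proc` would be applied to a set that was never filled in as intended. I would check each result and take the same `error (EXIT_FAILURE, ...)` exit already used for the `cap_init` failure. The added `(cap_value_t *)` casts presumably strip `const` from the lists to match the library prototype, and a comment such as `/* The prototype lacks const; the lists are only read.  */` would keep the cast from looking accidental. The function begins and ends outside the hunk.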
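Review bot: Adding `\n` inside `_("Failed to drop capabilities\n")` makes this the only `dbg_log` message in the visible hunks with a trailing newline; `dbg_log (_("Failed to initialize drop of capabilities"))` in the hunk above has none. If `dbg_log` supplies its own line ending (not visible here) this prints an empty line, and the edit also changes the translatable string. I would keep `dbg_log (_("Failed to drop capabilities"));` unless the newline is deliberate, in which case a comment should say why.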